Store Dynatrace images in private registries - Kubernetes

You can store Dynatrace containers in private registries in Kubernetes environments using either a lightweight or an immutable OneAgent container image.

The lightweight image consists of a OneAgent installer, which downloads necessary binaries from the Dynatrace Cluster.
The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.

Use an immutable OneAgent imageUse a lightweight OneAgent image

Pull the Dynatrace Operator image.
Example command:

docker pull docker.io/dynatrace/dynatrace-operator:v<X.Y.Z>

Note: Be sure to replace <X.Y.Z> with the latest Dynatrace Operator version.

Pull a specific immutable OneAgent image version.
Example command:

docker pull <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_ENVIRONMENT_DOMAIN_NAME> with your own environment domain name (the URL without https://), and <x.y.z> with your desired OneAgent version.

Tag each image for your own registry.
Example command:

docker tag docker.io/dynatrace/dynatrace-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-operator:v<X.Y.Z>
docker tag <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z> <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace:

<X.Y.Z> with the latest Dynatrace Operator version.
<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with the Dynatrace Operator address from your private registry.
<YOUR_ENVIRONMENT_DOMAIN_NAME> with your environment domain name (the URL without https://).
<x.y.z> with your desired OneAgent version.
<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with the OneAgent address from your private registry.

Push both images to your own registry.
Example command:

docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-operator:v<X.Y.Z>
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>

Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>, <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>, <X.Y.Z>, and <x.y.z> with your own values.

Download the latest kubernetes.yaml file from the Dynatrace GitHub repository.

wget https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml

If your registries need authentication, update imagePullSecrets on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.
Deploy Dynatrace Operator.

kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml

Download the cr.yaml file for DynaKube custom resource.

wget https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/samples/cr.yaml

Open cr.yaml in a text editor and make the following changes:

Change useImmutableImage to true.
Adapt other values according to the parameters section of the Dynatrace Operator deployment page.
Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.

Deploy the DynaKube custom resource.

kubectl apply -f cr.yaml

Pull the Dynatrace Operator image.
Example command:

docker pull docker.io/dynatrace/dynatrace-operator:v<X.Y.Z>

Note: Be sure to replace <X.Y.Z> with the latest Dynatrace Operator version.

Pull the lightweight OneAgent image.

docker pull docker.io/dynatrace/oneagent

Tag each image for your own registry.
Example command:

docker tag docker.io/dynatrace/dynatrace-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-operator:v<X.Y.Z>
docker tag docker.io/dynatrace/oneagent:latest <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/dynatrace-oneagent:latest

Note: Be sure to replace:

<X.Y.Z> with the latest Dynatrace Operator version.
<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with the Dynatrace Operator address from your private registry.
<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with the OneAgent address from your private registry.

Push both images to your own registry.

docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-operator
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/dynatrace-oneagent:latest

Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> and <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with your own values.

Download the kubernetes.yaml file from Dynatrace GitHub repository.

wget https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml

Open kubernetes.yaml in a text editor and replace all image field instances with image: <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>, making sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS> with your own value.
If your registries need authentication, update imagePullSecrets on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.
Deploy Dynatrace Operator.

kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml

Download the cr.yaml file for DynaKube custom resource.

wget https://github.com/Dynatrace/dynatrace-operator/blob/master/config/samples/cr.yaml

Open cr.yaml in a text editor and make the following changes:

Replace the empty value of the image field (image: "") with image: <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>.
Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS> with your own value.
Adapt other values (proxy, apiUrl, etc.) according to the parameters section of the Dynatrace Operator deployment page.

Deploy the DynaKube custom resource.

kubectl apply -f cr.yaml